Storing API keys/passwords inside a Azure Storage Account Table

Question

Now that Azure Storage automatically encrypts data, is it safe to store such things as API keys or passwords in a table?

I know that Azure KeyVault is designed to store sensitive information however I would like to store more information than just API keys or passwords, hence my question regarding Azure Storage Tables.

Answer 1

You are absolutely right about azure key-vault! Its not a good practice to store your key and password on storage account table. Azure has special functionality for that as you already know.

Azure Key Vault:

Azure Key Vault provides safeguards for following keys and secrets.for example, When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules (HSMs).

Key Vault reduce following problems:

1. Secret management
2. Key management
3. Certificate management
4. Store secrets backed by HSMs

Note: Now a days azure key-vaults become more popular among the big organizations and towards the developer as well to manage large scale of security key , certification and many more. For more details I would recommend to take a look official document here

Answer 2

yes you can store sensitive information in storage account. if you want it to be more secure and reliable you can use your own custom encryption key with best replication method of storage account.